-N Directs identd to check for a file
HIDDEN-USER instead of the normal USERID
response.

-e Enables certain non-standard protocol extensions.
Currently defined extensions include the requests
VERSION to return the Ident daemon version and
QUIT to terminate a session (useful in conjunction
with the -m option).

-m Enables identd to use a mode of operation
that will allow multiple requests to be processed per
session. Each request is specified one per line and the
responses will be returned one per line. The connection will
not be closed until the connecting party closes its end of
the line.

INSTALLATION

The preferred way to start identd depends on how it
was built.

If it was built with support for multithreading then it
should be started either from init, as a standalone
daemon or from inetd using the
inetd supports it!)

If it was built without support for multithreading then it
should be started from inetd using the normal
one client connection at a
time).

identd normally will autodetect how it was invoked so
there normally is no need to use the four command line
switches (-i, -w, -I, -b).

ENCRYPTION

DES encryption is only available if the daemon was built
with support for it enabled.

An encryption key (1024 bytes long) should be stored in the
key file (/etc/identd.key) and it should be
generated using a cryptographically safe random generator in
order to be really safe. It should not contain any NUL
(0x00) characters since this is used as a string to generate
the real binary DES key.

This file may contain multiple 1024 byte long keys, and the
server will use the last key stored in that
file.
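
Added example, not part of the original manual page or the identd distribution: one way to generate a key that meets the constraints above (1024 bytes, no NUL bytes, cryptographically strong source) and to audit an existing key file. The function names and the owner-only permission check are assumptions introduced here.

```python
import os
import secrets
import stat

KEY_LEN = 1024  # bytes per key, as stated in the text above


def new_key():
    """Return KEY_LEN bytes from the OS CSPRNG with every NUL (0x00) removed."""
    out = bytearray()
    while len(out) < KEY_LEN:
        # Drop NULs and top up; the other 255 byte values stay uniform.
        out += secrets.token_bytes(KEY_LEN - len(out)).replace(b"\x00", b"")
    return bytes(out)


def append_key(path):
    """Rotate by appending: the server uses the last key stored in the file."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "ab") as fh:
        fh.write(new_key())


def audit_key_file(path):
    """Return a list of problems with a key file; an empty list means it passed."""
    problems = []
    # Assumption (not stated on the page): a secret key file should be owner-only.
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("accessible to group or other")
    with open(path, "rb") as fh:
        data = fh.read()
    if not data or len(data) % KEY_LEN:
        problems.append("size %d is not a positive multiple of %d" % (len(data), KEY_LEN))
    for off in range(0, len(data), KEY_LEN):
        if b"\x00" in data[off:off + KEY_LEN]:
            problems.append("key %d contains a NUL byte" % (off // KEY_LEN + 1))
    return problems


if __name__ == "__main__":
    import sys
    # Usage: script.py PATH  (audits an existing key file, exit status 1 on findings)
    found = audit_key_file(sys.argv[1])
    print("\n".join(found) or "ok")
    sys.exit(1 if found else 0)
```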

The returned token will contain the local and remote IP
addresses and TCP port numbers, the local user's uid number,
a timestamp, a random number, and a checksum - all encrypted
using DES. The encrypted binary information is then encoded
in a BASE64 string (32 characters long) and enclosed in
square brackets to produce a token that is transmitted to
the remote client.

The encrypted token can later be decrypted by the
idecrypt command. This program will attempt to
decrypt a token with all the keys stored in the key file
until it succeeds (or has tried all the keys).
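
Added example, not part of the original manual page: a parser that classifies reply lines as they arrive one per line in a -m session and recognises the bracketed 32-character token, for instance when pulling tokens out of logs to pass to idecrypt. The reply layout follows RFC 1413; the sample lines, the token value, and the assumption that the token uses the standard BASE64 alphabet are constructed for illustration.

```python
import base64
import re

# RFC 1413 reply layout:
#   <server-port> , <client-port> : USERID : <opsys>[,<charset>] : <user-id>
#   <server-port> , <client-port> : ERROR : <error-type>
REPLY = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*:\s*(USERID|ERROR)\s*:(.*)$")
# Assumption: the token uses the standard BASE64 alphabet.
TOKEN = re.compile(r"^\[([A-Za-z0-9+/]{32})\]$")

# Constructed sample session (not captured from a real server).
SAMPLE = (
    "6193 , 23 : USERID : UNIX :[ABCDEFGHIJKLMNOPQRSTUVWXYZ012345]\r\n"
    "6194 , 25 : ERROR : HIDDEN-USER\r\n"
    "6195 , 80 : USERID : UNIX , US-ASCII :alice\r\n"
)


def parse_reply(line):
    """Classify one reply line; return a dict, or None if it is malformed."""
    m = REPLY.match(line.rstrip("\r\n"))
    if not m:
        return None
    out = {"ports": (int(m.group(1)), int(m.group(2))), "type": m.group(3)}
    if out["type"] == "ERROR":
        out["error"] = m.group(4).strip()  # e.g. HIDDEN-USER
        return out
    # The opsys field cannot contain ':', so split on the first one only.
    opsys, sep, user = m.group(4).partition(":")
    if not sep:
        return None
    opsys, _, charset = opsys.partition(",")
    out.update(opsys=opsys.strip(), charset=charset.strip() or None, user=user)
    tok = TOKEN.match(user.strip())
    out["encrypted"] = tok is not None
    if tok:
        # 32 BASE64 characters decode to 24 bytes: three 8-byte DES blocks.
        out["blob_len"] = len(base64.b64decode(tok.group(1)))
    return out


def parse_session(text):
    """Parse a multi-query session: one reply per line."""
    return [parse_reply(l) for l in text.splitlines() if l.strip()]


if __name__ == "__main__":
    for reply in parse_session(SAMPLE):
        print(reply)
```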

CONFIGURATION FILE

The configuration file contains a list of
option=value pairs.

syslog:facility = FACILITY

Set which facility to use when sending syslog messages. See
syslog.conf(5) for more information.

server:user = USER

Set what user (and group, from the passwd database) the
daemon should run as after it has opened all the kernel
handles. (Default: nobody)

server:group = GROUP

Override the group id (as set by the server:user
option).

server:port = PORT

Set what TCP/IP port the daemon should listen to. (Default:
113)

server:backlog = LIMIT

Set the size of the server listen() backlog
limit.

server:pid-file = PATH

Set the path to the file where the server will store its
process id.

server:max-request = LIMIT

Max number of concurrent requests allowed. Default is 0
(zero) which means

protocol:extensions = ON/OFF

Enable/disable the nonstandard protocol extensions
(VERSION and QUIT currently). Default: off

protocol:multiquery = ON/OFF

Enable/disable the multiple queries per connection feature.
Default: off

protocol:timeout = SECONDS

Max number of seconds since connection or last request. If
set to 0 (zero), no timeout will be used. Default: 120
seconds.

kernel:threads = LIMIT

Max number of threads doing kernel lookups concurrently.
Default: 8

kernel:buffers = LIMIT

Max number of queued kernel lookup requests. Default:
32

kernel:attempts = LIMIT

Max number of times to retry a kernel lookup in case of
failure. Default: 5

result:uid-only = YES/NO

Disable uid-

result:noident = ON/OFF

Enable/disable checking for the

result:charset = CHARSET

Define the character set returned in replies. Default:

result:opsys = OPSYS

Define the operating system returned in replies. Default:

result:syslog-level = LEVEL

If set to anything other than
syslog.conf(5) for
more information. Default: none

result:encrypt = YES/NO

Enable encryption of replies. Only available if Identd was
built with a DES encryption library.

encrypt:key-file = PATH

Path to the file containing the encryption
keys.

include = PATH

Include (and parse) the contents of another configuration
file.

NOTES

The username (or UID) returned ought to be the login name.
However it (probably, for most architecture implementations)
is the
setuid(3) call and their children. For
example, it may (should?) be wrong for an incoming
ftpd; and we are probably interested in the running
shell, not the telnetd for an incoming telnet
session. (But of course identd returns info for
outgoing connections, not incoming ones.)

FILES

/etc/identd.conf

Contains the default configuration options for
identd.

/etc/identd.key

If compiled with DES encryption enabled, the first 1024
bytes of this file are used to specify the secret key
for encrypting replies.

/var/run/identd/identd.pid

Contains (if enabled) the process number of the
identd daemon.

AVAILABILITY

The daemon is free software. You can redistribute it and/or
modify it as you wish - as long as you don't claim that you
wrote it.

The source code for the latest version of the daemon can
always be FTP'd from one of the following
addresses:
